Amazon EC2

Elastic Block Store Backup Disabled

This plugin ensures Amazon Elastic Block Store backup is enabled.

Risk Level: Low

Description

This plugin ensures Amazon Elastic Block Store backup is enabled. Elastic Block Store volumes can have backups in the form of snapshots. To avoid data loss, it is recommended to have snapshots for all EBS volumes.

Configuration Parameters

Ignore Spot Instance Volumes: This parameter controls whether EBS volumes attached to Spot instances are covered by this scan. If the value is set to true, the scan ignores them.

By default, the value is true, so EBS volumes attached to Spot instances are ignored during scans.

About the Service

Amazon EC2: Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) Cloud. With EC2, you can launch as many virtual servers as you need, configure security and networking, and manage storage without worrying about the hardware needs of the process. Security Groups act as a firewall for an EC2 instance to control the incoming and outgoing traffic. You can read more about security groups here.

Impact

In the absence of backups for EBS volumes, data stored in volumes will be lost permanently on the termination of EC2 instances.

Steps to Reproduce

Using the AWS Console:

  1. Log in to your AWS Console.
  2. Open the EC2 Management Console. You can use this link (https://console.aws.amazon.com/ec2) to navigate directly if already logged in. 
  3. Move to the Volumes in the Elastic Block Store section from the left navigation pane.
  4. A list of the available EBS volumes will be displayed. Check the Snapshot column; if it is empty, the vulnerability exists.
  5. If the Ignore Spot Instance Volumes configuration parameter is set to true, select the EBS volume by clicking on its Volume Id.
  6. In the Details section, click on the Attached Instance Id. This will open the details of the instance attached.
  7. Move to the Details section of the EC2 instance.
  8. Check the Lifecycle value. If it is set to “Spot”, no vulnerability exists for the EBS volume attached to a spot instance.
  9. Repeat these steps for all the EBS volumes you want to investigate.
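
The console check above can also be run over exported API data. This is an added example, not the plugin's own code: it applies the same logic to dictionaries shaped like the output of the EC2 DescribeVolumes, DescribeSnapshots and DescribeInstances APIs. The function name, the constructed sample IDs, and the rules that a volume is backed up when a snapshot lists its VolumeId and that only completed snapshots count are assumptions.

```python
# Added example: offline version of the manual check in the steps above.
# Field names follow the EC2 DescribeVolumes, DescribeSnapshots and
# DescribeInstances responses; every ID below is constructed sample data.

def volumes_without_backup(volumes, snapshots, reservations, ignore_spot=True):
    """Return the sorted IDs of volumes that no completed snapshot was taken from."""
    # Assumption: a pending or failed snapshot is not a usable backup.
    backed_up = {s["VolumeId"] for s in snapshots if s.get("State") == "completed"}
    # On-demand instances carry no InstanceLifecycle key; Spot ones report "spot".
    spot_instances = {
        inst["InstanceId"]
        for res in reservations
        for inst in res["Instances"]
        if inst.get("InstanceLifecycle") == "spot"
    }
    findings = []
    for vol in volumes:
        if vol["VolumeId"] in backed_up:
            continue
        attached_to = {a["InstanceId"] for a in vol.get("Attachments", [])}
        if ignore_spot and attached_to & spot_instances:
            continue  # skipped, as in steps 5 to 8
        findings.append(vol["VolumeId"])
    return sorted(findings)

# Constructed sample data covering each case the check has to handle.
SAMPLE_VOLUMES = [
    {"VolumeId": "vol-0aaa", "Attachments": [{"InstanceId": "i-0ondemand"}]},
    {"VolumeId": "vol-0bbb", "Attachments": [{"InstanceId": "i-0spot"}]},
    {"VolumeId": "vol-0ccc", "Attachments": [{"InstanceId": "i-0ondemand"}]},
    {"VolumeId": "vol-0ddd", "Attachments": []},  # unattached volume
    {"VolumeId": "vol-0eee", "Attachments": [{"InstanceId": "i-0ondemand"}]},
]
SAMPLE_SNAPSHOTS = [
    {"SnapshotId": "snap-0111", "VolumeId": "vol-0aaa", "State": "completed"},
    {"SnapshotId": "snap-0222", "VolumeId": "vol-0eee", "State": "error"},
]
SAMPLE_RESERVATIONS = [
    {"Instances": [
        {"InstanceId": "i-0ondemand"},
        {"InstanceId": "i-0spot", "InstanceLifecycle": "spot"},
    ]},
]

if __name__ == "__main__":
    for vol_id in volumes_without_backup(
            SAMPLE_VOLUMES, SAMPLE_SNAPSHOTS, SAMPLE_RESERVATIONS):
        print("no snapshot:", vol_id)
```

With live data, the three inputs correspond to the `Volumes`, `Snapshots` (restricted to snapshots you own) and `Reservations` lists returned by those API calls.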

Steps for Remediation

Ensure that each Elastic Block Store volume has a proper backup:

  1. Log in to your AWS Console.
  2. Open the EC2 Management Console. You can use this link (https://console.aws.amazon.com/ec2) to navigate directly if already logged in. 
  3. Move to the Volumes in the Elastic Block Store section from the left navigation pane.
  4. Select the vulnerable volume by clicking on its Volume Id. 
  5. From the Actions menu, click on Create Snapshot. This will create a backup for the EBS volume.
  6. Repeat these steps for all the EBS volumes you want to fix.